IoT Security Systems

Why is it so Hard to Keep IoT Devices Up to Date and Secure?

One of the biggest challenges to creating secure IoT ecosystems is that IoT devices are often designed with little to no security in mind, and end-users are often not educated about the importance of firmware updates for their personal security when using connected devices. In addition, the sheer number of devices a company or a household can own, together with the lack of proper user interfaces and/or technical abilities, further deters device owners from keeping their devices up to date, which leads to increased vulnerabilities over time.

Frédéric Matthys
Product Director, Kudelski IoT
Updated on June 13, 2023

A simple and efficient way to ensure devices are kept up-to-date and secure is Firmware-Over-the-Air (FOTA) updates.

What is a Firmware Over The Air (FOTA) update?

Firmware over the air, or FOTA, is a technology that allows manufacturers to remotely update the firmware of their devices without the need for physical access, via Wi-Fi, cellular or any other available network technology. Over-the-air updates refer to the process of wirelessly downloading and installing new firmware on a device. FOTA can be used to fix security vulnerabilities, add new features, or simply keep a device up to date with the latest firmware version.

Device updates are usually managed by the device manufacturer, and when that is the case, they are done automatically. With some devices, however, it is the device owner who must initiate the update, which they unfortunately often fail to do. This failure to do manual updates is one of the reasons many devices are left unprotected, even when a new version of the firmware is available. This creates unnecessary security gaps and leaves the device owner open to attacks on their device, their network and their data.

FOTA, when done by manufacturers, allows them to improve the security and performance of their devices without inconvenience or expense. It also gives companies and consumers peace of mind, knowing that their devices are always up to date, safe from known vulnerabilities, and running the latest product features.

How does FOTA work for IoT devices?

Firmware is the software that controls how a device operates, and it is stored in the device's read-only memory. To implement FOTA, manufacturers first need to enable remote access to their devices. They then need to create and host a firmware image that can be downloaded and trusted by the devices. Once the image is created and signed for security purposes, the manufacturer can push the update to all of their devices over-the-air. If the device authenticates the firmware image using well-implemented security controls (we will describe what can go wrong later), the devices will then install the new firmware and reboot automatically. Once the update is complete, the IoT device will be running the new firmware and benefit from any new protections or features it contains.

FOTA is the best way to ensure that IoT devices are up to date and secure

FOTA updates are a convenient way to keep IoT devices up-to-date, and they can help improve security by ensuring that devices are running the latest version of their firmware.

The benefits of using FOTA for IoT Device Security are numerous:

  • A seamless user experience
  • Decreased service costs for manufacturers
  • Full control over Firmware

FOTA ensures a seamless user experience

For users, FOTA provides a seamless experience by simplifying the process of keeping devices up to date. Firmware updates can be released more frequently and as needed, without requiring users to take any action. This eliminates the need to update firmware manually, which can be time-consuming and prone to errors, and reduces the risk of firmware becoming outdated, which can lead to security vulnerabilities.

FOTA decreases Service Costs for Manufacturers

FOTA represents a major advantage for manufacturers, as it reduces the cost and hassle of recalls and repair cycles by making it easier to resolve issues remotely, thus reducing the need for field service calls. Overall, FOTA decreases support costs by reducing the number of customer calls related to firmware updates.

FOTA allows Manufacturers Full control over their Firmware

Overall, Firmware-Over-The-Air allows manufacturers full control over the devices they sell, increasing the quality of their service and products. By updating firmware remotely, device manufacturers can close security gaps and patch vulnerabilities quickly and easily, roll back firmware to a previous version if necessary, or deploy new features. In addition, FOTA can help to improve product quality by allowing manufacturers to quickly roll out fixes for software bugs.

What are the risks when FOTA is done improperly?

FOTA isn't without serious risks if done improperly. There are a number of exploits that hackers can take advantage of if a FOTA system isn't implemented correctly.

The firmware can be substituted with a malicious image by an attacker

By creating a fake firmware repository and tricking the device into connecting to it instead of to the legitimate one, attackers can make devices download the wrong software. This can be done when the authentication to the server is weak, when the device does not check the authenticity of the firmware file, or when the software integrity is not protected.

Attackers can perform a malicious downgrade to a version with security vulnerabilities

One of the reasons to update software is that a security vulnerability has been found. When such an issue is publicly known, attackers will try to exploit it. But once the software is fixed, they can no longer exploit it. One solution for attackers is to force the device to revert to a prior firmware version, making it vulnerable again.

Attackers can make the device think it is up to date, while it is running an old version

This is similar to the prior case, but here attackers prevent the device from ever updating to the new version so they can continue to exploit its vulnerabilities.
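
The three risks above map to three device-side checks before an update is accepted. The sketch below is an added example, not Kudelski's code or any vendor's API: the manifest layout, the function names, the 7-day freshness window and the demo key are all assumptions, and HMAC-SHA256 stands in for the asymmetric signature (for example ECDSA or Ed25519) that a production device would verify with a manufacturer public key.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 is a stand-in for an asymmetric
# signature; a real device holds only the manufacturer's public key.
DEMO_KEY = b"constructed-demo-key"
MAX_MANIFEST_AGE = 7 * 24 * 3600  # assumed freshness window, in seconds


def sign_manifest(version, image, issued_at, key=DEMO_KEY):
    """Manufacturer side: bind version, image hash and issue time together."""
    body = json.dumps({"version": version,
                       "sha256": hashlib.sha256(image).hexdigest(),
                       "issued_at": issued_at}, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


def check_update(body, tag, image, installed_version, now, key=DEMO_KEY):
    """Device side: return 'install', 'up-to-date' or a 'reject: ...' reason."""
    # 1. Substitution: the manifest must be signed by the manufacturer ...
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "reject: bad signature"
    manifest = json.loads(body)
    # ... and the downloaded image must be the one the manifest names.
    if hashlib.sha256(image).hexdigest() != manifest["sha256"]:
        return "reject: image hash mismatch"
    # 2. Freeze: a replayed old manifest cannot prove "you are up to date".
    #    Assumes the device has a trustworthy clock.
    if now - manifest["issued_at"] > MAX_MANIFEST_AGE:
        return "reject: stale manifest"
    # 3. Downgrade: never go below the installed version. On real hardware
    #    this value lives in a monotonic counter or other protected storage.
    if manifest["version"] < installed_version:
        return "reject: downgrade"
    if manifest["version"] == installed_version:
        return "up-to-date"
    return "install"


if __name__ == "__main__":
    t0 = 1_700_000_000                      # constructed timestamp
    image = b"firmware v5 (constructed)"    # constructed image bytes
    body, tag = sign_manifest(5, image, t0)
    print(check_update(body, tag, image, 4, t0 + 60))
    print(check_update(body, tag, b"tampered image", 4, t0 + 60))
```
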

Kudelski IoT Firmware Lifecycle Management (FOTA) Service

Whether it is a security patch, a bug fix or a new feature to improve your product, Kudelski IoT Secure FOTA Service gives you a path to secure success. Learn more about our embedded secure FOTA update service on www.kudelski-iot.com.

As the IoT market continues to grow, FOTA is likely to become an essential tool for managing the ever-growing number of connected devices. With proper FOTA tools and processes in place, FOTA can help protect devices from attackers and keep them running smoothly.

